Re: Run SQL Server as domain user

Thanks for your complementary comment Ben. Using SQL Server Configuration Manager was the point that I was going to stress in my post. I forgot mentioning it somehow. It was like a cherry on the cake. Gosh!

Smokey, that stuff (SQL Server' s adding your SQL Server service account to those builtin groups automatically) would not happen automatically if you would not use SQL Server Configuration Manager for changing your SQL Server services... For example if you try to change your SQL Server service account using Services MMC, your new SQL Server service account would not be added to the appropriate groups and so would not have necessary rights to make SQL Server work properly.

--
Ekrem Önsoy



"Ben Nevarez" <BenNevarez@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:5A80739D-302A-4897-9EFC-D1BBA6D4DE37@xxxxxxxxxxxxxxxx

Just to add to Ekrem's comment. Just change the account using SQL Server
Configuration Manager and it will take care of everything.

Hope this helps,

Ben Nevarez
Senior Database Administrator
AIG SunAmerica



"Ekrem Önsoy" wrote:

You can simply create a domain user account and use it as your SQL Server
service account. You do not need to perform any extra job. (such as adding
the mentioned account to the Local Admins group e.g.)

SQL Server 2005 has its Builtin Local Windows Groups. SQL Server will add
the account that you specified as the SQL Server service to those groups and
the account will have the least necessary permissions to run.

It's not recommended using a Local or Domain Admin account as a SQL Server
service account.

--
Ekrem nsoy


"Smokey Grindel" <nospam@xxxxxxxxxx> wrote in message
news:O7WgdR%23QIHA.3516@xxxxxxxxxxxxxxxxxxxxxxx
>I want to set up SQL Server to run as a non-administrator domain user to
>prevent security leaks... whats the best way to do this? What files /
>folders does the user need permission to? thanks!
>


.

Relevant Pages

  • Re: SPN Requirement
    ... Making SQLSrvRunas member of Domain Admin and restarting SQL Server - ... As Sue point out, making the SQL Service account member of the domain ... The SQL Server service account should not be ...
    (microsoft.public.sqlserver.security)
  • Re: SPN Requirement
    ... Thank you Sue for translating the Error code (I?ll better find out how to ... Making SQLSrvRunas member of Domain Admin and restarting SQL Server - ... making the SQL Service account member of the domain ... ?Run the SQL Server service using a least privileged account to minimize the ...
    (microsoft.public.sqlserver.security)
  • RE: Upgrade from 2005 to 2008: Invalid Credentials
    ... it seems that this issue was related to NETWORK SERVICE account for SSIS service could not be validated on DC. ... Please first go to your Services pane, double click your SQL Server Integration Services, switch to the Log On tab to check if the service account is NETWORK SERVICE account. ... Install SQL Server 2008 from the Command Prompt ... Microsoft Online Community Support ...
    (microsoft.public.sqlserver.setup)
  • Re: SPN Requirement
    ... The service account for SQL Server needs to be a domain ... account to allow Write Public Information rights but I'd ... The SQL Network Interface library could not register the Service Principal ... Name for the SQL Server service. ...
    (microsoft.public.sqlserver.security)
  • Re: Question about "Distribution clean up: distribution" Job
    ... I granted the SQL Server Service Account "Full Control" over ... the Snapshot Folder and the job has been running successfully ever since. ... Then I went into the job step and copied the command it was ...
    (microsoft.public.sqlserver.replication)
Loading